Here's how to chat with your Facebook friends using encryption

Cryptocat can now pull a person's buddy list from Facebook

Facebook can't see messages exchanged using Cryptocat, an open-source encrypted messaging application.

Facebook's messaging application doesn't support encryption, but an open-source chat program, Cryptocat, has made it possible to chat with friends there over an encrypted connection.

The program's founder, Nadim Kobeissi, wrote Monday that the latest 2.2 version of Cryptocat can log a user into Facebook and pull his contact list in order to set up an end-to-end encrypted conversation.

"Effectively, what Cryptocat is doing is benefitting from your Facebook Chat contact list as a readily available buddy list," he wrote.

The move could augment Cryptocat's user base since new users won't have the chore of building a new contacts list, although they would need to download Cryptocat's browser extension or iPhone application to benefit from encryption.

The security of emails and messages was brought sharply into focus by secret documents leaked by former U.S. National Security Agency contractor Edward Snowden revealing sophisticated online surveillance techniques used by the spy agency.

Facebook has said it could enable end-to-end encryption between users exchanging data, but said such technology is complicated and makes it harder for people to communicate.

Messages exchanged using Facebook are protected by SSL (Secure Sockets Layer) encryption, but that only encrypts data between an end user and Facebook. The social networking service would have access to the clear text of those conversations, which potentially could be surrendered to law enforcement under a court order.

If two people are using Cryptocat, Facebook will know an exchange occurred between the two users and the time of their chat. But the messages themselves will only say: [encrypted message].

The fact that Facebook knows two people are chatting, a type of information known as metadata, should not be a deal breaker, Kobeissi wrote. Users presumably know they're divulging that information already to Facebook by using their service.

"There's no harm in Cryptocat using this already-given metadata to allow these users to set up encrypted chats," Kobeissi wrote. "The usability benefits of being able to quickly see which friends are online and ready for an encrypted chat remain overly substantial for those users."

Facebook will know, however, that the people are using the application due to the use of a Cryptocat relay to transfer the contacts list, he wrote.

Kobeissi wrote that if a person's Facebook friend logs into the service and is using Cryptocat, the conversation is automatically upgraded to an encrypted one. If one party does not have Cryptocat installed, the two people may chat, but the text will not be encrypted.
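The two cases described above, and what the service in the middle can read in each, as an added JavaScript (Node.js) sketch. It is not Cryptocat's code or protocol: the X25519 and AES-GCM scheme, the unverified key exchange, and every function and field name are assumptions made for illustration.

```javascript
// Added illustration only; not Cryptocat's protocol or code.
const nodeCrypto = require('node:crypto');

// An endpoint with the encryption client installed holds a key pair.
// The chat service relaying the messages holds no keys at all.
function newEndpoint(name, hasClient) {
  return { name, keys: hasClient ? nodeCrypto.generateKeyPairSync('x25519') : null };
}

// Both ends derive the same key; it never crosses the wire.
function sessionKey(mine, theirs) {
  const shared = nodeCrypto.diffieHellman({ privateKey: mine.keys.privateKey,
                                            publicKey: theirs.keys.publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-e2e', 32));
}

// Build the message as handed to the service. Routing metadata is always
// in the clear; the body is protected only when BOTH ends have the client.
function send(from, to, text) {
  const meta = { from: from.name, to: to.name, time: Date.now() };
  if (!from.keys || !to.keys) return { ...meta, e2e: false, body: text };
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey(from, to), iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  const payload = Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
  return { ...meta, e2e: true, body: '[encrypted message]', payload };
}

// Recipient side: authenticate and decrypt, or pass plaintext through.
function receive(me, sender, msg) {
  if (!msg.e2e) return msg.body;
  const raw = Buffer.from(msg.payload, 'base64');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey(me, sender), raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// What the service can read: who, whom, when, and whatever is in body.
// The payload field is opaque to it without the session key.
function serviceView(msg) {
  return { from: msg.from, to: msg.to, time: msg.time, body: msg.body };
}
```

The `e2e` flag on the returned message is what a client could use to tell the user that a conversation fell back to plaintext.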

Cryptocat opted not to integrate itself directly into the Facebook chat interface to maintain "layers of separation," Kobeissi wrote.

"Such an approach would have made encrypted chats over Facebook even more immediate, but would have immersed Cryptocat into Facebook's network and runtime environment in a way that didn't satisfy our security precautions," he wrote.

Cryptocat connects to Facebook as an XMPP client over its outbound BOSH relay. No code from Facebook is loaded or executed within Cryptocat, and the login procedure happens in a sandboxed window, Kobeissi wrote.

Cryptocat version 2.2 is available for Chrome, Safari and Opera. An update for Firefox is due to be released later this week.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Jeremy Kirk

IDG News Service